Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/Pc6OfzyWFGdNvDhcydjSn1ihYJs.roa
File:                     Pc6OfzyWFGdNvDhcydjSn1ihYJs.roa (raw, json)
Hash identifier:          +jc9HYrGfDFEHoZT1pIkrXhzXoePq3hmQWQZgFoiCog=
Subject key identifier:   3D:CE:8E:7F:3C:96:14:67:4D:BC:38:5C:C9:D8:D2:9F:58:A1:60:9B
Certificate issuer:       /CN=27a39e4794c34612e7f22569b1a6a81710260ae5
Certificate serial:       018CC7945078CF9805F53A875EEE0F89B0A9
Authority key identifier: 27:A3:9E:47:94:C3:46:12:E7:F2:25:69:B1:A6:A8:17:10:26:0A:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/Pc6OfzyWFGdNvDhcydjSn1ihYJs.roa
Signing time:             Tue 02 Jan 2024 00:30:35 +0000
ROA not before:           Tue 02 Jan 2024 00:30:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43395
IP address blocks:        2.188.232.0/23 maxlen: 23
                          2.188.236.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 13:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:50:78:cf:98:05:f5:3a:87:5e:ee:0f:89:b0:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27a39e4794c34612e7f22569b1a6a81710260ae5
        Validity
            Not Before: Jan  2 00:30:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3dce8e7f3c9614674dbc385cc9d8d29f58a1609b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:8c:43:91:4c:b9:46:72:4c:ed:11:69:68:0a:
                    12:a5:69:55:6e:6d:45:14:fd:23:76:a4:7a:b6:7e:
                    21:a8:a1:6f:c7:54:59:e6:d3:da:51:a2:9c:0f:0f:
                    76:3d:35:ec:1e:7f:65:0b:21:47:f3:a6:ca:2a:af:
                    fe:d9:55:7c:75:c2:42:63:89:f2:b9:6c:e2:79:b4:
                    c1:4c:7a:3d:9a:4e:15:77:bc:71:d5:0b:74:4f:8b:
                    be:ac:d7:7e:24:0d:2e:1c:0b:eb:4e:d1:cb:2f:14:
                    d6:93:55:a8:da:e5:92:3b:27:b9:49:42:74:42:fb:
                    01:4f:39:81:3f:2d:2e:12:e9:ea:85:f3:18:d2:6c:
                    44:9c:4e:b2:bb:e8:dd:bb:04:a2:29:3c:2a:e2:9c:
                    db:de:d2:b7:59:8c:ee:b3:79:d3:64:97:8b:f1:f6:
                    9d:7a:cf:bd:b3:c3:2f:8b:2d:72:fe:bd:09:81:ec:
                    0e:9a:1c:75:c6:2b:d1:ff:20:d2:81:ed:33:21:1d:
                    48:68:8a:4b:df:4d:32:a2:26:7f:21:92:00:65:e5:
                    e2:c4:72:b5:31:ad:12:2c:35:fe:0a:6b:74:31:80:
                    64:e4:6d:39:c5:ee:30:e8:7d:1a:2c:b9:b5:e1:35:
                    03:04:1b:e4:cd:c0:03:2b:d9:7e:95:9d:be:c8:b0:
                    51:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:CE:8E:7F:3C:96:14:67:4D:BC:38:5C:C9:D8:D2:9F:58:A1:60:9B
            X509v3 Authority Key Identifier:
                keyid:27:A3:9E:47:94:C3:46:12:E7:F2:25:69:B1:A6:A8:17:10:26:0A:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/Pc6OfzyWFGdNvDhcydjSn1ihYJs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.188.232.0/23
                  2.188.236.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8c:6a:47:f2:a4:2f:82:f6:42:25:00:60:c7:8e:63:59:bf:ec:
         79:ec:53:1f:0a:d0:e5:40:17:0f:da:96:94:3f:27:1f:0d:a7:
         c3:7a:4e:10:79:58:28:ff:6a:ce:a6:72:ac:87:44:c7:cc:71:
         8c:84:39:46:0f:ff:8f:29:e7:d1:fd:97:11:c9:3d:2c:27:a8:
         c4:5a:aa:7f:35:b0:c2:37:34:63:7b:69:37:9f:79:61:eb:94:
         dd:b1:56:38:58:cc:48:b7:5b:cd:6e:19:03:dc:1a:3f:74:fe:
         fb:c3:a7:b2:07:94:56:de:6e:11:15:2c:42:3a:2a:d5:75:a2:
         0a:07:02:65:80:eb:00:0b:3c:6b:df:6f:1d:ac:d4:07:ee:cb:
         8d:93:ec:88:29:7f:71:7f:ef:89:e2:e2:3a:34:22:73:fe:40:
         99:84:bb:81:31:ca:ac:42:82:e5:e5:b5:03:95:f1:f7:c6:a1:
         ac:1b:ef:fa:86:7b:94:2d:f0:8e:62:d9:bc:83:56:f2:dc:0d:
         ae:eb:11:56:09:a3:95:5a:01:83:eb:d5:fe:37:f5:ce:16:a4:
         63:12:7f:13:28:00:1d:5e:ea:e5:27:22:54:80:f5:31:e7:18:
         41:89:ad:62:09:9b:d5:bb:86:52:1a:b7:2a:ea:9b:c8:a5:44:
         ba:6f:77:2e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHlFB4z5gF9TqHXu4PibCpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3YTM5ZTQ3OTRjMzQ2MTJlN2YyMjU2OWIxYTZhODE3MTAy
NjBhZTUwHhcNMjQwMTAyMDAzMDM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGNlOGU3ZjNjOTYxNDY3NGRiYzM4NWNjOWQ4ZDI5ZjU4YTE2MDliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh4xDkUy5RnJM7RFpaAoSpWlVbm1F
FP0jdqR6tn4hqKFvx1RZ5tPaUaKcDw92PTXsHn9lCyFH86bKKq/+2VV8dcJCY4ny
uWziebTBTHo9mk4Vd7xx1Qt0T4u+rNd+JA0uHAvrTtHLLxTWk1Wo2uWSOye5SUJ0
QvsBTzmBPy0uEunqhfMY0mxEnE6yu+jduwSiKTwq4pzb3tK3WYzus3nTZJeL8fad
es+9s8Mviy1y/r0JgewOmhx1xivR/yDSge0zIR1IaIpL300yoiZ/IZIAZeXixHK1
Ma0SLDX+Cmt0MYBk5G05xe4w6H0aLLm14TUDBBvkzcADK9l+lZ2+yLBRBwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFD3Ojn88lhRnTbw4XMnY0p9YoWCbMB8GA1UdIwQY
MBaAFCejnkeUw0YS5/IlabGmqBcQJgrlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjZPZVI1VERSaExuOGlWcHNhYW9GeEFtQ3VVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC8zOGZjMzMtMDZjMS00MDA2LTllMjMt
Zjc0ZDk1MTg1NzZjLzEvUGM2T2Z6eVdGR2ROdkRoY3lkalNuMWloWUpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC8zOGZjMzMtMDZjMS00MDA2LTllMjMtZjc0ZDk1MTg1NzZj
LzEvSjZPZVI1VERSaExuOGlWcHNhYW9GeEFtQ3VVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBArzoAwQB
ArzsMA0GCSqGSIb3DQEBCwUAA4IBAQCMakfypC+C9kIlAGDHjmNZv+x57FMfCtDl
QBcP2paUPycfDafDek4QeVgo/2rOpnKsh0THzHGMhDlGD/+PKefR/ZcRyT0sJ6jE
Wqp/NbDCNzRje2k3n3lh65TdsVY4WMxIt1vNbhkD3Bo/dP77w6eyB5RW3m4RFSxC
OirVdaIKBwJlgOsACzxr328drNQH7suNk+yIKX9xf++J4uI6NCJz/kCZhLuBMcqs
QoLl5bUDlfH3xqGsG+/6hnuULfCOYtm8g1by3A2u6xFWCaOVWgGD69X+N/XOFqRj
En8TKAAdXurlJyJUgPUx5xhBia1iCZvVu4ZSGrcq6pvIpUS6b3cu
-----END CERTIFICATE-----